1- Decompress the orginal "Firefox Setup 5.0.exe" using 7zip in a temp folder.

2- Add a file in the folder "core\defaults\pref" with the name "local-settings.js". It should contains this: pref("general.config.filename", "mozilla.cfg");. This will indicate to use the configuration file "mozilla.cfg" for the settings. By settings I mean "Default starting page", download settings, etc.

3- Create in the folder "core" the file "mozilla.cfg".
To make it more secure I render the file mozilla.cfg unreadable using normal means by using ByteShifter. Do a Google search. It's free and easy to use. I use it to encrypt my mozilla.cfg file that contain this for example.

It is possible to package firefox in the way bkelly has mentioned so that it can be managed by Group Policy.

1) Download the extension from https://addons.mozilla.org/en-US/firefox/addon/gpo-for-firefox/

2) Copy the installed extension directory into the core/extensions folder and re-pack it in an sfx.

I have found it useful to go a fair bit further, and place the code inside the browser code. I add it to the browser.js file (in core/omni.jar/chrome/browser/content/browser). This way there is no way for the users to accidentally or purposefully delete/disable the extension. I have been doing this for a while now, works perfectly and you can manage most things (locked proxy settings, homepages etc).